Vulnerability CVE-2013-3582

Published: 2013-08-28   Modified: 2013-08-29

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.



(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: DELL
Product: Latitude d530 
Product: Latitude d 
Product: Precision m6300 
Product: Latitude e6500 
Product: Latitude e5400 
Product: Latitude d630 
Product: Latitude xt2 
Product: Precision m6500 
Product: Precision m2400 
Product: Latitude e6400 
Product: Latitude d830 
Product: Precision m 
Product: Precision m4400 
Product: Latitude e6400 atg xfr 
Product: Latitude e4300 
Product: Latitude d531 
Product: Latitude e 
Product: Precision m6400 
Product: Precision m2300 
Product: Latitude e5500 
Product: Latitude d631 
Product: Latitude z600 
Product: Precision m4300 
Product: Latitude e6400 atg 
Product: Latitude e4200 

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)



Related CVE
Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature w...
Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject...
Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted cod...
Dell EMC Unity and UnityVSA versions prior to contain a plain-text password storage vulnerability. A Unisphere user's (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files fo...
Dell EMC Unity and UnityVSA versions prior to contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota confi...
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit th...
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
